npm - @unidy.io/sdk - Versions diffs - 1.1.7 → 1.1.8 - Mend

@unidy.io/sdk 1.1.7 → 1.1.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (805) hide show

package/dist/components/auth.js DELETED Viewed

@@ -1,581 +0,0 @@
-import { g as getUnidyClient } from './index2.js';
-import { t } from './i18n.js';
-import { w as waitForConfig } from './unidy-store.js';
-import { a as authStore, s as state } from './auth-store.js';
-import { c as createLogger } from './logger.js';
-import { s as state$1 } from './profile-store.js';
-import { c as clearUrlParam } from './component-utils.js';
-import { F as Flash } from './flash-store.js';
-import { Y as captureException } from './exports.js';
-class InvalidTokenError extends Error {
-}
-InvalidTokenError.prototype.name = "InvalidTokenError";
-function b64DecodeUnicode(str) {
-    return decodeURIComponent(atob(str).replace(/(.)/g, (m, p) => {
-        let code = p.charCodeAt(0).toString(16).toUpperCase();
-        if (code.length < 2) {
-            code = "0" + code;
-        }
-        return "%" + code;
-    }));
-}
-function base64UrlDecode(str) {
-    let output = str.replace(/-/g, "+").replace(/_/g, "/");
-    switch (output.length % 4) {
-        case 0:
-            break;
-        case 2:
-            output += "==";
-            break;
-        case 3:
-            output += "=";
-            break;
-        default:
-            throw new Error("base64 string is not of the correct length");
-    }
-    try {
-        return b64DecodeUnicode(output);
-    }
-    catch (err) {
-        return atob(output);
-    }
-}
-function jwtDecode(token, options) {
-    if (typeof token !== "string") {
-        throw new InvalidTokenError("Invalid token specified: must be a string");
-    }
-    options || (options = {});
-    const pos = options.header === true ? 0 : 1;
-    const part = token.split(".")[pos];
-    if (typeof part !== "string") {
-        throw new InvalidTokenError(`Invalid token specified: missing part #${pos + 1}`);
-    }
-    let decoded;
-    try {
-        decoded = base64UrlDecode(part);
-    }
-    catch (e) {
-        throw new InvalidTokenError(`Invalid token specified: invalid base64 for part #${pos + 1} (${e.message})`);
-    }
-    try {
-        return JSON.parse(decoded);
-    }
-    catch (e) {
-        throw new InvalidTokenError(`Invalid token specified: invalid json for part #${pos + 1} (${e.message})`);
-    }
-}
-const logger = createLogger("PasskeyAuth");
-const PASSKEY_ERRORS = {
-    NotSupportedError: "passkey_not_supported",
-    NotAllowedError: "passkey_cancelled",
-    SecurityError: "passkey_security_error",
-    InvalidStateError: "passkey_invalid_state",
-};
-function decodeBase64Url(base64url) {
-    const base64 = base64url.replace(/-/g, "+").replace(/_/g, "/");
-    const padded = base64 + "=".repeat((4 - (base64.length % 4)) % 4);
-    return Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
-}
-function buildPublicKeyOptions(options) {
-    return {
-        challenge: Uint8Array.from(atob(options.challenge), (c) => c.charCodeAt(0)),
-        timeout: options.timeout || 60000,
-        rpId: options.rpId,
-        userVerification: options.userVerification || "required",
-        allowCredentials: options.allowCredentials?.map((cred) => ({
-            ...cred,
-            id: decodeBase64Url(cred.id),
-        })),
-    };
-}
-function formatCredentialForServer(credential) {
-    const response = credential.response;
-    return {
-        id: credential.id,
-        rawId: btoa(String.fromCharCode(...new Uint8Array(credential.rawId))),
-        response: {
-            authenticatorData: btoa(String.fromCharCode(...new Uint8Array(response.authenticatorData))),
-            clientDataJSON: btoa(String.fromCharCode(...new Uint8Array(response.clientDataJSON))),
-            signature: btoa(String.fromCharCode(...new Uint8Array(response.signature))),
-        },
-        type: credential.type,
-    };
-}
-function extractAndSetSignInId(tokenResponse) {
-    if (tokenResponse.sid) {
-        authStore.setSignInId(tokenResponse.sid);
-        return;
-    }
-    // Fallback: extract sid from JWT token payload
-    try {
-        const decoded = jwtDecode(tokenResponse.jwt);
-        if (decoded.sid) {
-            authStore.setSignInId(decoded.sid);
-        }
-    }
-    catch {
-        // Failed to decode JWT token to extract sid, continue without it
-    }
-}
-function handlePasskeyError(error) {
-    logger.error("Passkey error:", error);
-    let errorMessage = "passkey_error";
-    if (error instanceof DOMException) {
-        errorMessage = PASSKEY_ERRORS[error.name] || "passkey_error";
-    }
-    authStore.setFieldError("passkey", errorMessage);
-    authStore.setLoading(false);
-}
-async function authenticateWithPasskey(client, onSuccess) {
-    authStore.setLoading(true);
-    authStore.clearErrors();
-    if (!window.PublicKeyCredential) {
-        authStore.setFieldError("passkey", "passkey_not_supported");
-        authStore.setLoading(false);
-        return;
-    }
-    try {
-        const [optionsError, options] = await client.auth.getPasskeyOptions(state.sid || undefined);
-        if (optionsError || !options) {
-            authStore.setFieldError("passkey", optionsError || "bad_request");
-            authStore.setLoading(false);
-            return;
-        }
-        const publicKeyOptions = buildPublicKeyOptions(options);
-        const credential = (await navigator.credentials.get({
-            publicKey: publicKeyOptions,
-        }));
-        if (!credential) {
-            authStore.setFieldError("passkey", "passkey_cancelled");
-            authStore.setLoading(false);
-            return;
-        }
-        const formattedCredential = formatCredentialForServer(credential);
-        const [verifyError, tkResponse] = await client.auth.authenticateWithPasskey(formattedCredential);
-        const tokenResponse = tkResponse;
-        if (verifyError || !tokenResponse) {
-            authStore.setGlobalError("auth", verifyError || "authentication_failed");
-            authStore.setLoading(false);
-            return;
-        }
-        authStore.setToken(tokenResponse.jwt);
-        extractAndSetSignInId(tokenResponse);
-        onSuccess(tokenResponse);
-    }
-    catch (error) {
-        handlePasskeyError(error);
-    }
-}
-class AuthHelpers {
-    client;
-    logger = createLogger("AuthHelpers");
-    constructor(client) {
-        this.client = client;
-    }
-    async createSignIn(email, password, sendMagicCode) {
-        if (!email) {
-            throw new Error(t("errors.required_field", { field: "Email" }));
-        }
-        authStore.setLoading(true);
-        authStore.clearErrors();
-        const [error, response] = await this.client.auth.createSignIn(email, password, sendMagicCode);
-        if (error) {
-            this.handleAuthError(error, response, password ? "password" : "email");
-            return;
-        }
-        if (password) {
-            const token = jwtDecode(response.jwt);
-            authStore.setSignInId(token.sid);
-            authStore.setToken(response.jwt);
-            authStore.setLoading(false);
-            authStore.getRootComponentRef()?.onAuth(response);
-            return;
-        }
-        if (sendMagicCode) {
-            authStore.setSignInId(response.sid);
-            authStore.setMagicCodeStep("sent");
-            authStore.setStep("magic-code");
-            authStore.setLoading(false);
-            return [error, response];
-        }
-        const signInResponse = response;
-        authStore.setStep("verification");
-        authStore.setEmail(email);
-        authStore.setSignInId(signInResponse.sid);
-        authStore.setLoginOptions(signInResponse.login_options);
-        authStore.setLoading(false);
-    }
-    async authenticateWithPassword(password) {
-        if (!state.sid) {
-            throw new Error(t("errors.no_sign_in_id"));
-        }
-        if (!password) {
-            throw new Error(t("errors.required_field", { field: "Password" }));
-        }
-        authStore.setLoading(true);
-        authStore.clearErrors();
-        const [error, response] = await this.client.auth.authenticateWithPassword(state.sid, password);
-        if (error) {
-            this.handleAuthError(error, response, "password");
-        }
-        else {
-            authStore.setLoading(false);
-            this.handleAuthSuccess(response);
-            return;
-        }
-    }
-    async authenticateWithMagicCode(code) {
-        if (!state.sid) {
-            throw new Error(t("errors.no_sign_in_id"));
-        }
-        if (!code) {
-            throw new Error(t("errors.magic_code_is_missing"));
-        }
-        authStore.setLoading(true);
-        authStore.clearErrors();
-        const [error, response] = await this.client.auth.authenticateWithMagicCode(state.sid, code);
-        if (error) {
-            this.handleAuthError(error, response, "magicCode");
-            return;
-        }
-        this.handleAuthSuccess(response);
-    }
-    authenticateWithPasskey() {
-        return authenticateWithPasskey(this.client, (response) => this.handleAuthSuccess(response));
-    }
-    async logout() {
-        const [error, _] = await this.client.auth.signOut(state.sid);
-        if (error) {
-            authStore.setGlobalError("auth", error);
-        }
-        return [error, _];
-    }
-    async refreshToken() {
-        if (state.step === "missing-fields") {
-            return;
-        }
-        const sid = clearUrlParam("sid");
-        if (sid) {
-            authStore.setSignInId(sid);
-        }
-        if (!state.sid) {
-            this.logger.warn("No sign-in ID in the session");
-            return;
-        }
-        const [error, response] = await this.client.auth.refreshToken(state.sid);
-        if (error) {
-            authStore.reset();
-            authStore.setGlobalError("auth", error);
-        }
-        else {
-            authStore.setToken(response.jwt);
-        }
-    }
-    async sendMagicCode() {
-        if (!state.sid && state.step !== "single-login") {
-            throw new Error(t("errors.no_sign_in_id"));
-        }
-        authStore.setMagicCodeStep("requested");
-        authStore.setLoading(true);
-        authStore.clearErrors();
-        if (state.step === "single-login") {
-            const [error, response] = await this.createSignIn(state.email, undefined, true);
-            authStore.setLoading(false);
-            return [error, response];
-        }
-        const [error, response] = await this.client.auth.sendMagicCode(state.sid);
-        authStore.setLoading(false);
-        authStore.setStep("magic-code");
-        if (!error) {
-            authStore.setMagicCodeStep("sent");
-            return [null, response];
-        }
-        authStore.setFieldError("magicCode", error);
-        if (error === "magic_code_recently_created") {
-            authStore.setMagicCodeStep("sent");
-        }
-        return [error, response];
-    }
-    async sendResetPasswordEmail() {
-        if (!state.sid) {
-            throw new Error(t("errors.no_sign_in_id"));
-        }
-        authStore.setLoading(true);
-        authStore.setResetPasswordStep("requested");
-        const [error, _] = await this.client.auth.sendResetPasswordEmail(state.sid, window.location.href);
-        if (error) {
-            authStore.setFieldError("resetPassword", error);
-        }
-        else {
-            authStore.setResetPasswordStep("sent");
-            authStore.clearErrors();
-        }
-        authStore.setLoading(false);
-    }
-    async resetPassword() {
-        if (!state.resetPassword.token) {
-            throw new Error("No reset token available");
-        }
-        if (!state.resetPassword.newPassword) {
-            authStore.setFieldError("resetPassword", "password_required");
-            return;
-        }
-        if (state.resetPassword.passwordConfirmation &&
-            state.resetPassword.newPassword !== state.resetPassword.passwordConfirmation) {
-            authStore.setFieldError("resetPassword", "passwords_do_not_match");
-            return;
-        }
-        authStore.setLoading(true);
-        authStore.clearErrors();
-        const [error, response] = await this.client.auth.resetPassword(state.sid, state.resetPassword.token, state.resetPassword.newPassword, state.resetPassword.passwordConfirmation);
-        if (error) {
-            authStore.setFieldError("resetPassword", error);
-            // TODO: add proper password requirements handling --> for now this is fine
-            if (error === "invalid_password") {
-                authStore.setFieldError("password", response.error_details?.password.map((p) => t(`errors.password_requirements.${p}`)).join("\n"));
-            }
-        }
-        else {
-            authStore.setStep("email");
-            authStore.updateResetPassword({
-                step: "completed",
-                token: null,
-                newPassword: "",
-                passwordConfirmation: "",
-            });
-            clearUrlParam("reset_password_token");
-            Flash.success.addMessage("Password reset successfully");
-        }
-        authStore.setLoading(false);
-    }
-    async handleResetPasswordRedirect() {
-        const url = new URL(window.location.href);
-        const params = url.searchParams;
-        const resetToken = params.get("reset_password_token");
-        if (!resetToken) {
-            return;
-        }
-        if (state.sid) {
-            authStore.setLoading(true);
-            const [error] = await this.client.auth.validateResetPasswordToken(state.sid, resetToken);
-            if (error) {
-                authStore.setFieldError("resetPassword", error);
-                authStore.setStep("reset-password");
-                authStore.setLoading(false);
-                return;
-            }
-        }
-        authStore.setResetToken(resetToken);
-        authStore.setStep("reset-password");
-        authStore.setLoading(false);
-    }
-    handleSocialAuthRedirect() {
-        const url = new URL(window.location.href);
-        const params = url.searchParams;
-        const error = params.get("error");
-        // Not a social auth redirect (normal page load)
-        if (!error && !params.has("sid")) {
-            return;
-        }
-        // Handle successful social auth redirect
-        if (!error && params.has("sid") && params.has("id_token")) {
-            authStore.setSignInId(clearUrlParam("sid"));
-            const idToken = clearUrlParam("id_token");
-            if (idToken) {
-                authStore.setToken(idToken);
-                this.handleAuthSuccess({ jwt: idToken });
-            }
-            else {
-                this.logger.error("No ID token found in the URL on social auth redirect");
-            }
-            return;
-        }
-        // Handle missing required fields
-        if (error !== "missing_required_fields") {
-            this.logger.error("Social auth redirect error:", error);
-            return;
-        }
-        const fieldsFromUrl = clearUrlParam("fields");
-        const sid = clearUrlParam("sid");
-        clearUrlParam("error");
-        if (!fieldsFromUrl || !sid) {
-            return;
-        }
-        try {
-            const fields = JSON.parse(fieldsFromUrl);
-            authStore.setSignInId(sid);
-            this.handleMissingFields(fields);
-        }
-        catch (e) {
-            this.logger.error("Failed to parse missing fields payload:", e);
-            authStore.setGlobalError("auth", "invalid_required_fields_payload");
-        }
-    }
-    handleAuthError(error, response, fallbackField) {
-        switch (error) {
-            case "account_not_found":
-                authStore.setFieldError("email", error);
-                break;
-            case "missing_required_fields": {
-                const { fields, sid } = response;
-                this.handleMissingFields(fields);
-                if (sid) {
-                    authStore.setSignInId(sid);
-                }
-                break;
-            }
-            default:
-                if (fallbackField === "password") {
-                    authStore.setFieldError("password", error);
-                }
-                else if (fallbackField === "magicCode") {
-                    authStore.setFieldError("magicCode", error);
-                }
-                else if (fallbackField === "email") {
-                    authStore.setFieldError("email", error);
-                }
-                else {
-                    // e.g. "account_locked", "internal_server_error"
-                    authStore.setGlobalError("auth", error);
-                }
-                break;
-        }
-        authStore.setLoading(false);
-    }
-    handleMissingFields(fields) {
-        authStore.setMissingFields(fields);
-        state$1.data = fields;
-        authStore.setStep("missing-fields");
-        authStore.setLoading(false);
-    }
-    handleAuthSuccess(response) {
-        authStore.setToken(response.jwt);
-        authStore.setLoading(false);
-        authStore.getRootComponentRef()?.onAuth(response);
-    }
-}
-class Auth {
-    static instance;
-    helpers;
-    constructor(client) {
-        this.helpers = new AuthHelpers(client);
-    }
-    static Errors = {
-        email: {
-            NOT_FOUND: "account_not_found",
-        },
-        magicCode: {
-            RECENTLY_CREATED: "magic_code_recently_created",
-            NOT_VALID: "magic_code_not_valid",
-            EXPIRED: "magic_code_expired",
-            USED: "magic_code_used",
-        },
-        password: {
-            INVALID: "invalid_password",
-            NOT_SET: "password_not_set",
-            RESET_PASSWORD_ALREADY_SENT: "reset_password_already_sent",
-        },
-        general: {
-            ACCOUNT_LOCKED: "account_locked",
-            SIGN_IN_EXPIRED: "sign_in_expired",
-        },
-    };
-    static async getInstance() {
-        if (!Auth.isInitialized()) {
-            await waitForConfig();
-            return Auth.initialize(getUnidyClient());
-        }
-        return Auth.instance;
-    }
-    static async initialize(client) {
-        if (Auth.instance) {
-            return Auth.instance;
-        }
-        Auth.instance = new Auth(client);
-        Auth.instance.helpers.handleSocialAuthRedirect();
-        await Auth.instance.helpers.handleResetPasswordRedirect();
-        if (Auth.instance.isTokenValid(state.token)) {
-            authStore.setAuthenticated(true);
-        }
-        return Auth.instance;
-    }
-    static isInitialized() {
-        return !!Auth.instance;
-    }
-    isTokenValid(token) {
-        try {
-            let decoded;
-            if (typeof token === "string") {
-                decoded = jwtDecode(token);
-            }
-            else {
-                decoded = token;
-            }
-            if (!decoded)
-                return false;
-            const currentTime = Date.now() / 1000;
-            return decoded.exp > currentTime;
-        }
-        catch (error) {
-            captureException(error);
-            return false;
-        }
-    }
-    async isAuthenticated() {
-        const token = await this.getToken();
-        return typeof token === "string";
-    }
-    async getToken() {
-        const currentToken = state.token;
-        if (currentToken && this.isTokenValid(currentToken)) {
-            return currentToken;
-        }
-        await this.helpers.refreshToken();
-        if (state.globalErrors.auth || !state.token) {
-            return this.createAuthError(t("errors.refresh_failed"), "REFRESH_FAILED", true);
-        }
-        return state.token;
-    }
-    async userData() {
-        const token = await this.getToken();
-        if (typeof token !== "string") {
-            return null;
-        }
-        if (!token) {
-            return null;
-        }
-        try {
-            return jwtDecode(token);
-        }
-        catch (error) {
-            captureException(error);
-            return null;
-        }
-    }
-    async logout() {
-        const [error, _] = await this.helpers.logout();
-        if (error) {
-            return this.createAuthError(t("errors.sign_out_failed", { reason: error }), "SIGN_OUT_FAILED", false);
-        }
-        authStore.reset();
-        return true;
-    }
-    getEmail() {
-        return state.email;
-    }
-    createAuthError(message, code, requiresReauth = false) {
-        const error = new Error(message);
-        error.code = code;
-        error.requiresReauth = requiresReauth;
-        return error;
-    }
-}
-export { Auth as A };
-//# sourceMappingURL=auth.js.map
-//# sourceMappingURL=auth.js.map

package/dist/components/auth.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"file":"auth.js","mappings":";;;;;;;;;;AAAO,MAAM,iBAAiB,SAAS,KAAK,CAAC;AAC7C;AACA,iBAAiB,CAAC,SAAS,CAAC,IAAI,GAAG,mBAAmB;AACtD,SAAS,gBAAgB,CAAC,GAAG,EAAE;AAC/B,IAAI,OAAO,kBAAkB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,CAAC,KAAK;AAClE,QAAQ,IAAI,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE;AAC7D,QAAQ,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE;AAC7B,YAAY,IAAI,GAAG,GAAG,GAAG,IAAI;AAC7B;AACA,QAAQ,OAAO,GAAG,GAAG,IAAI;AACzB,KAAK,CAAC,CAAC;AACP;AACA,SAAS,eAAe,CAAC,GAAG,EAAE;AAC9B,IAAI,IAAI,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC;AAC1D,IAAI,QAAQ,MAAM,CAAC,MAAM,GAAG,CAAC;AAC7B,QAAQ,KAAK,CAAC;AACd,YAAY;AACZ,QAAQ,KAAK,CAAC;AACd,YAAY,MAAM,IAAI,IAAI;AAC1B,YAAY;AACZ,QAAQ,KAAK,CAAC;AACd,YAAY,MAAM,IAAI,GAAG;AACzB,YAAY;AACZ,QAAQ;AACR,YAAY,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC;AACzE;AACA,IAAI,IAAI;AACR,QAAQ,OAAO,gBAAgB,CAAC,MAAM,CAAC;AACvC;AACA,IAAI,OAAO,GAAG,EAAE;AAChB,QAAQ,OAAO,IAAI,CAAC,MAAM,CAAC;AAC3B;AACA;AACO,SAAS,SAAS,CAAC,KAAK,EAAE,OAAO,EAAE;AAC1C,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;AACnC,QAAQ,MAAM,IAAI,iBAAiB,CAAC,2CAA2C,CAAC;AAChF;AACA,IAAI,OAAO,KAAK,OAAO,GAAG,EAAE,CAAC;AAC7B,IAAI,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,KAAK,IAAI,GAAG,CAAC,GAAG,CAAC;AAC/C,IAAI,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC;AACtC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE;AAClC,QAAQ,MAAM,IAAI,iBAAiB,CAAC,CAAC,uCAAuC,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;AACxF;AACA,IAAI,IAAI,OAAO;AACf,IAAI,IAAI;AACR,QAAQ,OAAO,GAAG,eAAe,CAAC,IAAI,CAAC;AACvC;AACA,IAAI,OAAO,CAAC,EAAE;AACd,QAAQ,MAAM,IAAI,iBAAiB,CAAC,CAAC,kDAAkD,EAAE,GAAG,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;AAClH;AACA,IAAI,IAAI;AACR,QAAQ,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC;AAClC;AACA,IAAI,OAAO,CAAC,EAAE;AACd,QAAQ,MAAM,IAAI,iBAAiB,CAAC,CAAC,gDAAgD,EAAE,GAAG,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;AAChH;AACA;;AClDA,MAAM,MAAM,GAAG,YAAY,CAAC,aAAa,CAAC;AAE1C,MAAM,cAAc,GAA2B;AAC7C,IAAA,iBAAiB,EAAE,uBAAuB;AAC1C,IAAA,eAAe,EAAE,mBAAmB;AACpC,IAAA,aAAa,EAAE,wBAAwB;AACvC,IAAA,iBAAiB,EAAE,uBAAuB;CAC3C;AAED,SAAS,eAAe,CAAC,SAAiB,EAAA;AACxC,IAAA,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC;IAC9D,MAAM,MAAM,GAAG,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC;IACjE,OAAO,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;AAC9D;AAEA,SAAS,qBAAqB,CAAC,OAA+B,EAAA;IAC5D,OAAO;QACL,SAAS,EAAE,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;AAC3E,QAAA,OAAO,EAAE,OAAO,CAAC,OAAO,IAAI,KAAK;QACjC,IAAI,EAAE,OAAO,CAAC,IAAI;AAClB,QAAA,gBAAgB,EAAG,OAAO,CAAC,gBAAgD,IAAI,UAAU;AACzF,QAAA,gBAAgB,EAAE,OAAO,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC,IAAI,MAAM;AACzD,YAAA,GAAG,IAAI;AACP,YAAA,EAAE,EAAE,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC;AAC7B,SAAA,CAAC,CAAC;KACJ;AACH;AAEA,SAAS,yBAAyB,CAAC,UAA+B,EAAA;AAChE,IAAA,MAAM,QAAQ,GAAG,UAAU,CAAC,QAA0C;IACtE,OAAO;QACL,EAAE,EAAE,UAAU,CAAC,EAAE;AACjB,QAAA,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;AACrE,QAAA,QAAQ,EAAE;AACR,YAAA,iBAAiB,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,IAAI,UAAU,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,CAAC;AAC3F,YAAA,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,IAAI,UAAU,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAAC;AACrF,YAAA,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,IAAI,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;AAC5E,SAAA;QACD,IAAI,EAAE,UAAU,CAAC,IAAI;KACtB;AACH;AAEA,SAAS,qBAAqB,CAAC,aAA4B,EAAA;AACzD,IAAA,IAAI,aAAa,CAAC,GAAG,EAAE;AACrB,QAAA,SAAS,CAAC,WAAW,CAAC,aAAa,CAAC,GAAG,CAAC;QACxC;;;AAIF,IAAA,IAAI;QACF,MAAM,OAAO,GAAG,SAAS,CAAe,aAAa,CAAC,GAAG,CAAC;AAC1D,QAAA,IAAI,OAAO,CAAC,GAAG,EAAE;AACf,YAAA,SAAS,CAAC,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC;;;AAEpC,IAAA,MAAM;;;AAGV;AAEA,SAAS,kBAAkB,CAAC,KAAc,EAAA;AACxC,IAAA,MAAM,CAAC,KAAK,CAAC,gBAAgB,EAAE,KAAK,CAAC;IAErC,IAAI,YAAY,GAAG,eAAe;AAClC,IAAA,IAAI,KAAK,YAAY,YAAY,EAAE;QACjC,YAAY,GAAG,cAAc,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,eAAe;;AAG9D,IAAA,SAAS,CAAC,aAAa,CAAC,SAAS,EAAE,YAAY,CAAC;AAChD,IAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;AAC7B;AAEO,eAAe,uBAAuB,CAAC,MAAmB,EAAE,SAA4C,EAAA;AAC7G,IAAA,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC;IAC1B,SAAS,CAAC,WAAW,EAAE;AAEvB,IAAA,IAAI,CAAC,MAAM,CAAC,mBAAmB,EAAE;AAC/B,QAAA,SAAS,CAAC,aAAa,CAAC,SAAS,EAAE,uBAAuB,CAAC;AAC3D,QAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;QAC3B;;AAGF,IAAA,IAAI;AACF,QAAA,MAAM,CAAC,YAAY,EAAE,OAAO,CAAC,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAACA,KAAS,CAAC,GAAG,IAAI,SAAS,CAAC;AAE/F,QAAA,IAAI,YAAY,IAAI,CAAC,OAAO,EAAE;YAC5B,SAAS,CAAC,aAAa,CAAC,SAAS,EAAE,YAAY,IAAI,aAAa,CAAC;AACjE,YAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;YAC3B;;AAGF,QAAA,MAAM,gBAAgB,GAAG,qBAAqB,CAAC,OAAiC,CAAC;QAEjF,MAAM,UAAU,IAAI,MAAM,SAAS,CAAC,WAAW,CAAC,GAAG,CAAC;AAClD,YAAA,SAAS,EAAE,gBAAgB;AAC5B,SAAA,CAAC,CAA+B;QAEjC,IAAI,CAAC,UAAU,EAAE;AACf,YAAA,SAAS,CAAC,aAAa,CAAC,SAAS,EAAE,mBAAmB,CAAC;AACvD,YAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;YAC3B;;AAGF,QAAA,MAAM,mBAAmB,GAAG,yBAAyB,CAAC,UAAU,CAAC;AAEjE,QAAA,MAAM,CAAC,WAAW,EAAE,UAAU,CAAC,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,uBAAuB,CAAC,mBAAmB,CAAC;QAEhG,MAAM,aAAa,GAAG,UAA2B;AACjD,QAAA,IAAI,WAAW,IAAI,CAAC,aAAa,EAAE;YACjC,SAAS,CAAC,cAAc,CAAC,MAAM,EAAE,WAAW,IAAI,uBAAuB,CAAC;AACxE,YAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;YAC3B;;AAGF,QAAA,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC,GAAG,CAAC;QACrC,qBAAqB,CAAC,aAAa,CAAC;QACpC,SAAS,CAAC,aAAa,CAAC;;IACxB,OAAO,KAAK,EAAE;QACd,kBAAkB,CAAC,KAAK,CAAC;;AAE7B;;MCjHa,WAAW,CAAA;AACd,IAAA,MAAM;AACN,IAAA,MAAM,GAAG,YAAY,CAAC,aAAa,CAAC;AAE5C,IAAA,WAAA,CAAY,MAAmB,EAAA;AAC7B,QAAA,IAAI,CAAC,MAAM,GAAG,MAAM;;AAGtB,IAAA,MAAM,YAAY,CAAC,KAAa,EAAE,QAAiB,EAAE,aAAuB,EAAA;QAC1E,IAAI,CAAC,KAAK,EAAE;AACV,YAAA,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,uBAAuB,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;;AAGjE,QAAA,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC;QAC1B,SAAS,CAAC,WAAW,EAAE;QAEvB,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,QAAQ,EAAE,aAAa,CAAC;QAE7F,IAAI,KAAK,EAAE;AACT,YAAA,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,QAAQ,EAAE,QAAQ,GAAG,UAAU,GAAG,OAAO,CAAC;YACtE;;QAGF,IAAI,QAAQ,EAAE;YACZ,MAAM,KAAK,GAAG,SAAS,CAAgB,QAA0B,CAAC,GAAG,CAAC;AACtE,YAAA,SAAS,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC;AAChC,YAAA,SAAS,CAAC,QAAQ,CAAE,QAA0B,CAAC,GAAG,CAAC;AACnD,YAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;YAC3B,SAAS,CAAC,mBAAmB,EAAE,EAAE,MAAM,CAAC,QAAyB,CAAC;YAClE;;QAGF,IAAI,aAAa,EAAE;AACjB,YAAA,SAAS,CAAC,WAAW,CAAE,QAAiC,CAAC,GAAG,CAAC;AAC7D,YAAA,SAAS,CAAC,gBAAgB,CAAC,MAAM,CAAC;AAClC,YAAA,SAAS,CAAC,OAAO,CAAC,YAAY,CAAC;AAC/B,YAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;AAC3B,YAAA,OAAO,CAAC,KAAK,EAAE,QAAQ,CAAU;;QAEnC,MAAM,cAAc,GAAG,QAAgC;AACvD,QAAA,SAAS,CAAC,OAAO,CAAC,cAAc,CAAC;AACjC,QAAA,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC;AACzB,QAAA,SAAS,CAAC,WAAW,CAAC,cAAc,CAAC,GAAG,CAAC;AACzC,QAAA,SAAS,CAAC,eAAe,CAAC,cAAc,CAAC,aAAa,CAAC;AACvD,QAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;;IAG7B,MAAM,wBAAwB,CAAC,QAAgB,EAAA;AAC7C,QAAA,IAAI,CAACA,KAAS,CAAC,GAAG,EAAE;YAClB,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC;;QAG5C,IAAI,CAAC,QAAQ,EAAE;AACb,YAAA,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,uBAAuB,EAAE,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,CAAC;;AAGpE,QAAA,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC;QAC1B,SAAS,CAAC,WAAW,EAAE;QAEvB,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,wBAAwB,CAACA,KAAS,CAAC,GAAG,EAAE,QAAQ,CAAC;QAElG,IAAI,KAAK,EAAE;YACT,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,QAAQ,EAAE,UAAU,CAAC;;aAC5C;AACL,YAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;AAC3B,YAAA,IAAI,CAAC,iBAAiB,CAAC,QAAyB,CAAC;YACjD;;;IAIJ,MAAM,yBAAyB,CAAC,IAAY,EAAA;AAC1C,QAAA,IAAI,CAACA,KAAS,CAAC,GAAG,EAAE;YAClB,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC;;QAG5C,IAAI,CAAC,IAAI,EAAE;YACT,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,8BAA8B,CAAC,CAAC;;AAGpD,QAAA,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC;QAC1B,SAAS,CAAC,WAAW,EAAE;QAEvB,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAACA,KAAS,CAAC,GAAG,EAAE,IAAI,CAAC;QAE/F,IAAI,KAAK,EAAE;YACT,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,QAAQ,EAAE,WAAW,CAAC;YAClD;;AAGF,QAAA,IAAI,CAAC,iBAAiB,CAAC,QAAyB,CAAC;;IAGnD,uBAAuB,GAAA;AACrB,QAAA,OAAO,uBAAuB,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,KAAK,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;;AAG7F,IAAA,MAAM,MAAM,GAAA;AACV,QAAA,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAACA,KAAS,CAAC,GAAa,CAAC;QAE1E,IAAI,KAAK,EAAE;AACT,YAAA,SAAS,CAAC,cAAc,CAAC,MAAM,EAAE,KAAK,CAAC;;AAGzC,QAAA,OAAO,CAAC,KAAK,EAAE,CAAC,CAAU;;AAG5B,IAAA,MAAM,YAAY,GAAA;AAChB,QAAA,IAAIA,KAAS,CAAC,IAAI,KAAK,gBAAgB,EAAE;YACvC;;AAGF,QAAA,MAAM,GAAG,GAAG,aAAa,CAAC,KAAK,CAAC;QAChC,IAAI,GAAG,EAAE;AACP,YAAA,SAAS,CAAC,WAAW,CAAC,GAAG,CAAC;;AAG5B,QAAA,IAAI,CAACA,KAAS,CAAC,GAAG,EAAE;AAClB,YAAA,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,8BAA8B,CAAC;YAChD;;AAGF,QAAA,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAACA,KAAS,CAAC,GAAG,CAAC;QAE5E,IAAI,KAAK,EAAE;YACT,SAAS,CAAC,KAAK,EAAE;AACjB,YAAA,SAAS,CAAC,cAAc,CAAC,MAAM,EAAE,KAAK,CAAC;;aAClC;AACL,YAAA,SAAS,CAAC,QAAQ,CAAE,QAA0B,CAAC,GAAG,CAAC;;;AAIvD,IAAA,MAAM,aAAa,GAAA;QACjB,IAAI,CAACA,KAAS,CAAC,GAAG,IAAIA,KAAS,CAAC,IAAI,KAAK,cAAc,EAAE;YACvD,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC;;AAG5C,QAAA,SAAS,CAAC,gBAAgB,CAAC,WAAW,CAAC;AACvC,QAAA,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC;QAC1B,SAAS,CAAC,WAAW,EAAE;AAEvB,QAAA,IAAIA,KAAS,CAAC,IAAI,KAAK,cAAc,EAAE;AACrC,YAAA,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,MAAM,IAAI,CAAC,YAAY,CAACA,KAAS,CAAC,KAAK,EAAE,SAAS,EAAE,IAAI,CAAC;AACnF,YAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;AAC3B,YAAA,OAAO,CAAC,KAAK,EAAE,QAAQ,CAAU;;AAGnC,QAAA,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAACA,KAAS,CAAC,GAAG,CAAC;AAE7E,QAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;AAE3B,QAAA,SAAS,CAAC,OAAO,CAAC,YAAY,CAAC;QAE/B,IAAI,CAAC,KAAK,EAAE;AACV,YAAA,SAAS,CAAC,gBAAgB,CAAC,MAAM,CAAC;AAElC,YAAA,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAU;;AAGlC,QAAA,SAAS,CAAC,aAAa,CAAC,WAAW,EAAE,KAAK,CAAC;AAE3C,QAAA,IAAI,KAAK,KAAK,6BAA6B,EAAE;AAC3C,YAAA,SAAS,CAAC,gBAAgB,CAAC,MAAM,CAAC;;AAGpC,QAAA,OAAO,CAAC,KAAK,EAAE,QAAQ,CAAU;;AAGnC,IAAA,MAAM,sBAAsB,GAAA;AAC1B,QAAA,IAAI,CAACA,KAAS,CAAC,GAAG,EAAE;YAClB,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC;;AAG5C,QAAA,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC;AAC1B,QAAA,SAAS,CAAC,oBAAoB,CAAC,WAAW,CAAC;QAE3C,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sBAAsB,CAACA,KAAS,CAAC,GAAG,EAAE,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;QAErG,IAAI,KAAK,EAAE;AACT,YAAA,SAAS,CAAC,aAAa,CAAC,eAAe,EAAE,KAAK,CAAC;;aAC1C;AACL,YAAA,SAAS,CAAC,oBAAoB,CAAC,MAAM,CAAC;YACtC,SAAS,CAAC,WAAW,EAAE;;AAGzB,QAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;;AAG7B,IAAA,MAAM,aAAa,GAAA;AACjB,QAAA,IAAI,CAACA,KAAS,CAAC,aAAa,CAAC,KAAK,EAAE;AAClC,YAAA,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC;;AAG7C,QAAA,IAAI,CAACA,KAAS,CAAC,aAAa,CAAC,WAAW,EAAE;AACxC,YAAA,SAAS,CAAC,aAAa,CAAC,eAAe,EAAE,mBAAmB,CAAC;YAC7D;;AAGF,QAAA,IACEA,KAAS,CAAC,aAAa,CAAC,oBAAoB;YAC5CA,KAAS,CAAC,aAAa,CAAC,WAAW,KAAKA,KAAS,CAAC,aAAa,CAAC,oBAAoB,EACpF;AACA,YAAA,SAAS,CAAC,aAAa,CAAC,eAAe,EAAE,wBAAwB,CAAC;YAClE;;AAGF,QAAA,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC;QAC1B,SAAS,CAAC,WAAW,EAAE;AAEvB,QAAA,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAC5DA,KAAS,CAAC,GAAa,EACvBA,KAAS,CAAC,aAAa,CAAC,KAAK,EAC7BA,KAAS,CAAC,aAAa,CAAC,WAAW,EACnCA,KAAS,CAAC,aAAa,CAAC,oBAAoB,CAC7C;QAED,IAAI,KAAK,EAAE;AACT,YAAA,SAAS,CAAC,aAAa,CAAC,eAAe,EAAE,KAAK,CAAC;;AAG/C,YAAA,IAAI,KAAK,KAAK,kBAAkB,EAAE;AAChC,gBAAA,SAAS,CAAC,aAAa,CAAC,UAAU,EAAE,QAAQ,CAAC,aAAa,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAA,6BAAA,EAAgC,CAAC,CAAE,CAAA,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;;;aAEhI;AACL,YAAA,SAAS,CAAC,OAAO,CAAC,OAAO,CAAC;YAC1B,SAAS,CAAC,mBAAmB,CAAC;AAC5B,gBAAA,IAAI,EAAE,WAAW;AACjB,gBAAA,KAAK,EAAE,IAAI;AACX,gBAAA,WAAW,EAAE,EAAE;AACf,gBAAA,oBAAoB,EAAE,EAAE;AACzB,aAAA,CAAC;YAEF,aAAa,CAAC,sBAAsB,CAAC;AACrC,YAAA,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,6BAA6B,CAAC;;AAGzD,QAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;;AAG7B,IAAA,MAAM,2BAA2B,GAAA;QAC/B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;AACzC,QAAA,MAAM,MAAM,GAAG,GAAG,CAAC,YAAY;QAC/B,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,sBAAsB,CAAC;QAErD,IAAI,CAAC,UAAU,EAAE;YACf;;AAGF,QAAA,IAAIA,KAAS,CAAC,GAAG,EAAE;AACjB,YAAA,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC;AAE1B,YAAA,MAAM,CAAC,KAAK,CAAC,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0BAA0B,CAACA,KAAS,CAAC,GAAG,EAAE,UAAU,CAAC;YAE5F,IAAI,KAAK,EAAE;AACT,gBAAA,SAAS,CAAC,aAAa,CAAC,eAAe,EAAE,KAAK,CAAC;AAC/C,gBAAA,SAAS,CAAC,OAAO,CAAC,gBAAgB,CAAC;AACnC,gBAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;gBAC3B;;;AAIJ,QAAA,SAAS,CAAC,aAAa,CAAC,UAAU,CAAC;AACnC,QAAA,SAAS,CAAC,OAAO,CAAC,gBAAgB,CAAC;AACnC,QAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;;IAG7B,wBAAwB,GAAA;QACtB,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;AACzC,QAAA,MAAM,MAAM,GAAG,GAAG,CAAC,YAAY;QAC/B,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC;;QAGjC,IAAI,CAAC,KAAK,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE;YAChC;;;AAIF,QAAA,IAAI,CAAC,KAAK,IAAI,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE;YACzD,SAAS,CAAC,WAAW,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;AAE3C,YAAA,MAAM,OAAO,GAAG,aAAa,CAAC,UAAU,CAAC;YAEzC,IAAI,OAAO,EAAE;AACX,gBAAA,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC;gBAC3B,IAAI,CAAC,iBAAiB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAmB,CAAC;;iBACpD;AACL,gBAAA,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,sDAAsD,CAAC;;YAG3E;;;AAIF,QAAA,IAAI,KAAK,KAAK,yBAAyB,EAAE;YACvC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,6BAA6B,EAAE,KAAK,CAAC;YACvD;;AAGF,QAAA,MAAM,aAAa,GAAG,aAAa,CAAC,QAAQ,CAAC;AAC7C,QAAA,MAAM,GAAG,GAAG,aAAa,CAAC,KAAK,CAAC;QAChC,aAAa,CAAC,OAAO,CAAC;AAEtB,QAAA,IAAI,CAAC,aAAa,IAAI,CAAC,GAAG,EAAE;YAC1B;;AAGF,QAAA,IAAI;YACF,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC;AACxC,YAAA,SAAS,CAAC,WAAW,CAAC,GAAG,CAAC;AAE1B,YAAA,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC;;QAChC,OAAO,CAAC,EAAE;YACV,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,yCAAyC,EAAE,CAAC,CAAC;AAC/D,YAAA,SAAS,CAAC,cAAc,CAAC,MAAM,EAAE,iCAAiC,CAAC;;;AAI/D,IAAA,eAAe,CAAC,KAAa,EAAE,QAAiB,EAAE,aAAkD,EAAA;QAC1G,QAAQ,KAAK;AACX,YAAA,KAAK,mBAAmB;AACtB,gBAAA,SAAS,CAAC,aAAa,CAAC,OAAO,EAAE,KAAK,CAAC;gBACvC;YAEF,KAAK,yBAAyB,EAAE;AAC9B,gBAAA,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,QAAkC;AAC1D,gBAAA,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC;gBAChC,IAAI,GAAG,EAAE;AACP,oBAAA,SAAS,CAAC,WAAW,CAAC,GAAG,CAAC;;gBAE5B;;AAGF,YAAA;AACE,gBAAA,IAAI,aAAa,KAAK,UAAU,EAAE;AAChC,oBAAA,SAAS,CAAC,aAAa,CAAC,UAAU,EAAE,KAAK,CAAC;;AACrC,qBAAA,IAAI,aAAa,KAAK,WAAW,EAAE;AACxC,oBAAA,SAAS,CAAC,aAAa,CAAC,WAAW,EAAE,KAAK,CAAC;;AACtC,qBAAA,IAAI,aAAa,KAAK,OAAO,EAAE;AACpC,oBAAA,SAAS,CAAC,aAAa,CAAC,OAAO,EAAE,KAAK,CAAC;;qBAClC;;AAEL,oBAAA,SAAS,CAAC,cAAc,CAAC,MAAM,EAAE,KAAK,CAAC;;gBAEzC;;AAGJ,QAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;;AAGrB,IAAA,mBAAmB,CAAC,MAAwC,EAAA;AAClE,QAAA,SAAS,CAAC,gBAAgB,CAAC,MAAM,CAAC;AAClC,QAAAC,OAAY,CAAC,IAAI,GAAG,MAAoB;AACxC,QAAA,SAAS,CAAC,OAAO,CAAC,gBAAgB,CAAC;AACnC,QAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;;AAGrB,IAAA,iBAAiB,CAAC,QAAuB,EAAA;AAC/C,QAAA,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC;AAChC,QAAA,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC;QAC3B,SAAS,CAAC,mBAAmB,EAAE,EAAE,MAAM,CAAC,QAAQ,CAAC;;AAEpD;;MCxVY,IAAI,CAAA;IACP,OAAO,QAAQ;AAEd,IAAA,OAAO;AAEhB,IAAA,WAAA,CAAoB,MAAmB,EAAA;QACrC,IAAI,CAAC,OAAO,GAAG,IAAI,WAAW,CAAC,MAAM,CAAC;;IAGxC,OAAO,MAAM,GAAG;AACd,QAAA,KAAK,EAAE;AACL,YAAA,SAAS,EAAE,mBAAmB;AAC/B,SAAA;AACD,QAAA,SAAS,EAAE;AACT,YAAA,gBAAgB,EAAE,6BAA6B;AAC/C,YAAA,SAAS,EAAE,sBAAsB;AACjC,YAAA,OAAO,EAAE,oBAAoB;AAC7B,YAAA,IAAI,EAAE,iBAAiB;AACxB,SAAA;AACD,QAAA,QAAQ,EAAE;AACR,YAAA,OAAO,EAAE,kBAAkB;AAC3B,YAAA,OAAO,EAAE,kBAAkB;AAC3B,YAAA,2BAA2B,EAAE,6BAA6B;AAC3D,SAAA;AACD,QAAA,OAAO,EAAE;AACP,YAAA,cAAc,EAAE,gBAAgB;AAChC,YAAA,eAAe,EAAE,iBAAiB;AACnC,SAAA;KACO;IAEV,aAAa,WAAW,GAAA;AACtB,QAAA,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE;YACzB,MAAM,aAAa,EAAE;AAErB,YAAA,OAAO,IAAI,CAAC,UAAU,CAAC,cAAc,EAAE,CAAC;;QAG1C,OAAO,IAAI,CAAC,QAAQ;;AAGtB,IAAA,aAAa,UAAU,CAAC,MAAmB,EAAA;AACzC,QAAA,IAAI,IAAI,CAAC,QAAQ,EAAE;YACjB,OAAO,IAAI,CAAC,QAAQ;;QAGtB,IAAI,CAAC,QAAQ,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC;AAEhC,QAAA,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,wBAAwB,EAAE;QAChD,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,2BAA2B,EAAE;QAEzD,IAAI,IAAI,CAAC,QAAQ,CAAC,YAAY,CAACD,KAAS,CAAC,KAAK,CAAC,EAAE;AAC/C,YAAA,SAAS,CAAC,gBAAgB,CAAC,IAAI,CAAC;;QAGlC,OAAO,IAAI,CAAC,QAAQ;;AAGtB,IAAA,OAAO,aAAa,GAAA;AAClB,QAAA,OAAO,CAAC,CAAC,IAAI,CAAC,QAAQ;;AAGxB,IAAA,YAAY,CAAC,KAAmC,EAAA;AAC9C,QAAA,IAAI;AACF,YAAA,IAAI,OAA4B;AAEhC,YAAA,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;AAC7B,gBAAA,OAAO,GAAG,SAAS,CAAe,KAAK,CAAC;;iBACnC;gBACL,OAAO,GAAG,KAAK;;AAGjB,YAAA,IAAI,CAAC,OAAO;AAAE,gBAAA,OAAO,KAAK;YAE1B,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI;AACrC,YAAA,OAAO,OAAO,CAAC,GAAG,GAAG,WAAW;;QAChC,OAAO,KAAK,EAAE;AACd,YAAAE,gBAAuB,CAAC,KAAK,CAAC;AAC9B,YAAA,OAAO,KAAK;;;AAIhB,IAAA,MAAM,eAAe,GAAA;AACnB,QAAA,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE;AACnC,QAAA,OAAO,OAAO,KAAK,KAAK,QAAQ;;AAGlC,IAAA,MAAM,QAAQ,GAAA;AACZ,QAAA,MAAM,YAAY,GAAGF,KAAS,CAAC,KAAK;QAEpC,IAAI,YAAY,IAAI,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC,EAAE;AACnD,YAAA,OAAO,YAAY;;AAGrB,QAAA,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE;QAEjC,IAAIA,KAAS,CAAC,YAAY,CAAC,IAAI,IAAI,CAACA,KAAS,CAAC,KAAK,EAAE;AACnD,YAAA,OAAO,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,uBAAuB,CAAC,EAAE,gBAAgB,EAAE,IAAI,CAAC;;QAGjF,OAAOA,KAAS,CAAC,KAAe;;AAGlC,IAAA,MAAM,QAAQ,GAAA;AACZ,QAAA,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE;AAEnC,QAAA,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;AAC7B,YAAA,OAAO,IAAI;;QAGb,IAAI,CAAC,KAAK,EAAE;AACV,YAAA,OAAO,IAAI;;AAGb,QAAA,IAAI;AACF,YAAA,OAAO,SAAS,CAAe,KAAK,CAAC;;QACrC,OAAO,KAAK,EAAE;AACd,YAAAE,gBAAuB,CAAC,KAAK,CAAC;AAC9B,YAAA,OAAO,IAAI;;;AAIf,IAAA,MAAM,MAAM,GAAA;AACV,QAAA,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE;QAE9C,IAAI,KAAK,EAAE;AACT,YAAA,OAAO,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,wBAAwB,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,iBAAiB,EAAE,KAAK,CAAC;;QAGvG,SAAS,CAAC,KAAK,EAAE;AAEjB,QAAA,OAAO,IAAI;;IAGb,QAAQ,GAAA;QACN,OAAOF,KAAS,CAAC,KAAK;;AAGhB,IAAA,eAAe,CAAC,OAAe,EAAE,IAAuB,EAAE,cAAc,GAAG,KAAK,EAAA;AACtF,QAAA,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,OAAO,CAAc;AAC7C,QAAA,KAAK,CAAC,IAAI,GAAG,IAAI;AACjB,QAAA,KAAK,CAAC,cAAc,GAAG,cAAc;AAErC,QAAA,OAAO,KAAK;;;;;;","names":["authState","profileState","Sentry.captureException"],"sources":["../../node_modules/jwt-decode/build/esm/index.js","src/auth/passkey-auth.ts","src/auth/auth-helpers.ts","src/auth/auth.ts"],"sourcesContent":["export class InvalidTokenError extends Error {\n}\nInvalidTokenError.prototype.name = \"InvalidTokenError\";\nfunction b64DecodeUnicode(str) {\n return decodeURIComponent(atob(str).replace(/(.)/g, (m, p) => {\n let code = p.charCodeAt(0).toString(16).toUpperCase();\n if (code.length < 2) {\n code = \"0\" + code;\n }\n return \"%\" + code;\n }));\n}\nfunction base64UrlDecode(str) {\n let output = str.replace(/-/g, \"+\").replace(/_/g, \"/\");\n switch (output.length % 4) {\n case 0:\n break;\n case 2:\n output += \"==\";\n break;\n case 3:\n output += \"=\";\n break;\n default:\n throw new Error(\"base64 string is not of the correct length\");\n }\n try {\n return b64DecodeUnicode(output);\n }\n catch (err) {\n return atob(output);\n }\n}\nexport function jwtDecode(token, options) {\n if (typeof token !== \"string\") {\n throw new InvalidTokenError(\"Invalid token specified: must be a string\");\n }\n options || (options = {});\n const pos = options.header === true ? 0 : 1;\n const part = token.split(\".\")[pos];\n if (typeof part !== \"string\") {\n throw new InvalidTokenError(`Invalid token specified: missing part #${pos + 1}`);\n }\n let decoded;\n try {\n decoded = base64UrlDecode(part);\n }\n catch (e) {\n throw new InvalidTokenError(`Invalid token specified: invalid base64 for part #${pos + 1} (${e.message})`);\n }\n try {\n return JSON.parse(decoded);\n }\n catch (e) {\n throw new InvalidTokenError(`Invalid token specified: invalid json for part #${pos + 1} (${e.message})`);\n }\n}\n","import { jwtDecode } from \"jwt-decode\";\nimport type { PasskeyOptionsResponse, TokenResponse, UnidyClient } from \"../api\";\nimport { createLogger } from \"../logger\";\nimport type { TokenPayload } from \"./auth\";\nimport { authState, authStore } from \"./store/auth-store\";\n\nconst logger = createLogger(\"PasskeyAuth\");\n\nconst PASSKEY_ERRORS: Record<string, string> = {\n NotSupportedError: \"passkey_not_supported\",\n NotAllowedError: \"passkey_cancelled\",\n SecurityError: \"passkey_security_error\",\n InvalidStateError: \"passkey_invalid_state\",\n};\n\nfunction decodeBase64Url(base64url: string): Uint8Array {\n const base64 = base64url.replace(/-/g, \"+\").replace(/_/g, \"/\");\n const padded = base64 + \"=\".repeat((4 - (base64.length % 4)) % 4);\n return Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));\n}\n\nfunction buildPublicKeyOptions(options: PasskeyOptionsResponse): PublicKeyCredentialRequestOptions {\n return {\n challenge: Uint8Array.from(atob(options.challenge), (c) => c.charCodeAt(0)),\n timeout: options.timeout || 60000,\n rpId: options.rpId,\n userVerification: (options.userVerification as UserVerificationRequirement) || \"required\",\n allowCredentials: options.allowCredentials?.map((cred) => ({\n ...cred,\n id: decodeBase64Url(cred.id),\n })),\n };\n}\n\nfunction formatCredentialForServer(credential: PublicKeyCredential) {\n const response = credential.response as AuthenticatorAssertionResponse;\n return {\n id: credential.id,\n rawId: btoa(String.fromCharCode(...new Uint8Array(credential.rawId))),\n response: {\n authenticatorData: btoa(String.fromCharCode(...new Uint8Array(response.authenticatorData))),\n clientDataJSON: btoa(String.fromCharCode(...new Uint8Array(response.clientDataJSON))),\n signature: btoa(String.fromCharCode(...new Uint8Array(response.signature))),\n },\n type: credential.type,\n };\n}\n\nfunction extractAndSetSignInId(tokenResponse: TokenResponse) {\n if (tokenResponse.sid) {\n authStore.setSignInId(tokenResponse.sid);\n return;\n }\n\n // Fallback: extract sid from JWT token payload\n try {\n const decoded = jwtDecode<TokenPayload>(tokenResponse.jwt);\n if (decoded.sid) {\n authStore.setSignInId(decoded.sid);\n }\n } catch {\n // Failed to decode JWT token to extract sid, continue without it\n }\n}\n\nfunction handlePasskeyError(error: unknown) {\n logger.error(\"Passkey error:\", error);\n\n let errorMessage = \"passkey_error\";\n if (error instanceof DOMException) {\n errorMessage = PASSKEY_ERRORS[error.name] || \"passkey_error\";\n }\n\n authStore.setFieldError(\"passkey\", errorMessage);\n authStore.setLoading(false);\n}\n\nexport async function authenticateWithPasskey(client: UnidyClient, onSuccess: (response: TokenResponse) => void) {\n authStore.setLoading(true);\n authStore.clearErrors();\n\n if (!window.PublicKeyCredential) {\n authStore.setFieldError(\"passkey\", \"passkey_not_supported\");\n authStore.setLoading(false);\n return;\n }\n\n try {\n const [optionsError, options] = await client.auth.getPasskeyOptions(authState.sid || undefined);\n\n if (optionsError || !options) {\n authStore.setFieldError(\"passkey\", optionsError || \"bad_request\");\n authStore.setLoading(false);\n return;\n }\n\n const publicKeyOptions = buildPublicKeyOptions(options as PasskeyOptionsResponse);\n\n const credential = (await navigator.credentials.get({\n publicKey: publicKeyOptions,\n })) as PublicKeyCredential | null;\n\n if (!credential) {\n authStore.setFieldError(\"passkey\", \"passkey_cancelled\");\n authStore.setLoading(false);\n return;\n }\n\n const formattedCredential = formatCredentialForServer(credential);\n\n const [verifyError, tkResponse] = await client.auth.authenticateWithPasskey(formattedCredential);\n\n const tokenResponse = tkResponse as TokenResponse;\n if (verifyError || !tokenResponse) {\n authStore.setGlobalError(\"auth\", verifyError || \"authentication_failed\");\n authStore.setLoading(false);\n return;\n }\n\n authStore.setToken(tokenResponse.jwt);\n extractAndSetSignInId(tokenResponse);\n onSuccess(tokenResponse);\n } catch (error) {\n handlePasskeyError(error);\n }\n}\n","import { jwtDecode } from \"jwt-decode\";\nimport type { CreateSignInResponse, RequiredFieldsResponse, TokenResponse, UnidyClient } from \"../api\";\nimport { authState, authStore } from \"../auth/store/auth-store\";\nimport { t } from \"../i18n\";\nimport { createLogger } from \"../logger\";\nimport type { ProfileRaw } from \"../profile\";\nimport { state as profileState } from \"../profile/store/profile-store\";\nimport { clearUrlParam } from \"../shared/component-utils\";\nimport { Flash } from \"../shared/store/flash-store\";\nimport type { TokenPayload } from \"./auth\";\nimport { authenticateWithPasskey } from \"./passkey-auth\";\n\nexport class AuthHelpers {\n private client: UnidyClient;\n private logger = createLogger(\"AuthHelpers\");\n\n constructor(client: UnidyClient) {\n this.client = client;\n }\n\n async createSignIn(email: string, password?: string, sendMagicCode?: boolean) {\n if (!email) {\n throw new Error(t(\"errors.required_field\", { field: \"Email\" }));\n }\n\n authStore.setLoading(true);\n authStore.clearErrors();\n\n const [error, response] = await this.client.auth.createSignIn(email, password, sendMagicCode);\n\n if (error) {\n this.handleAuthError(error, response, password ? \"password\" : \"email\");\n return;\n }\n\n if (password) {\n const token = jwtDecode<TokenPayload>((response as TokenResponse).jwt);\n authStore.setSignInId(token.sid);\n authStore.setToken((response as TokenResponse).jwt);\n authStore.setLoading(false);\n authStore.getRootComponentRef()?.onAuth(response as TokenResponse);\n return;\n }\n\n if (sendMagicCode) {\n authStore.setSignInId((response as CreateSignInResponse).sid);\n authStore.setMagicCodeStep(\"sent\");\n authStore.setStep(\"magic-code\");\n authStore.setLoading(false);\n return [error, response] as const;\n }\n const signInResponse = response as CreateSignInResponse;\n authStore.setStep(\"verification\");\n authStore.setEmail(email);\n authStore.setSignInId(signInResponse.sid);\n authStore.setLoginOptions(signInResponse.login_options);\n authStore.setLoading(false);\n }\n\n async authenticateWithPassword(password: string) {\n if (!authState.sid) {\n throw new Error(t(\"errors.no_sign_in_id\"));\n }\n\n if (!password) {\n throw new Error(t(\"errors.required_field\", { field: \"Password\" }));\n }\n\n authStore.setLoading(true);\n authStore.clearErrors();\n\n const [error, response] = await this.client.auth.authenticateWithPassword(authState.sid, password);\n\n if (error) {\n this.handleAuthError(error, response, \"password\");\n } else {\n authStore.setLoading(false);\n this.handleAuthSuccess(response as TokenResponse);\n return;\n }\n }\n\n async authenticateWithMagicCode(code: string) {\n if (!authState.sid) {\n throw new Error(t(\"errors.no_sign_in_id\"));\n }\n\n if (!code) {\n throw new Error(t(\"errors.magic_code_is_missing\"));\n }\n\n authStore.setLoading(true);\n authStore.clearErrors();\n\n const [error, response] = await this.client.auth.authenticateWithMagicCode(authState.sid, code);\n\n if (error) {\n this.handleAuthError(error, response, \"magicCode\");\n return;\n }\n\n this.handleAuthSuccess(response as TokenResponse);\n }\n\n authenticateWithPasskey() {\n return authenticateWithPasskey(this.client, (response) => this.handleAuthSuccess(response));\n }\n\n async logout() {\n const [error, _] = await this.client.auth.signOut(authState.sid as string);\n\n if (error) {\n authStore.setGlobalError(\"auth\", error);\n }\n\n return [error, _] as const;\n }\n\n async refreshToken() {\n if (authState.step === \"missing-fields\") {\n return;\n }\n\n const sid = clearUrlParam(\"sid\");\n if (sid) {\n authStore.setSignInId(sid);\n }\n\n if (!authState.sid) {\n this.logger.warn(\"No sign-in ID in the session\");\n return;\n }\n\n const [error, response] = await this.client.auth.refreshToken(authState.sid);\n\n if (error) {\n authStore.reset();\n authStore.setGlobalError(\"auth\", error);\n } else {\n authStore.setToken((response as TokenResponse).jwt);\n }\n }\n\n async sendMagicCode() {\n if (!authState.sid && authState.step !== \"single-login\") {\n throw new Error(t(\"errors.no_sign_in_id\"));\n }\n\n authStore.setMagicCodeStep(\"requested\");\n authStore.setLoading(true);\n authStore.clearErrors();\n\n if (authState.step === \"single-login\") {\n const [error, response] = await this.createSignIn(authState.email, undefined, true);\n authStore.setLoading(false);\n return [error, response] as const;\n }\n\n const [error, response] = await this.client.auth.sendMagicCode(authState.sid);\n\n authStore.setLoading(false);\n\n authStore.setStep(\"magic-code\");\n\n if (!error) {\n authStore.setMagicCodeStep(\"sent\");\n\n return [null, response] as const;\n }\n\n authStore.setFieldError(\"magicCode\", error);\n\n if (error === \"magic_code_recently_created\") {\n authStore.setMagicCodeStep(\"sent\");\n }\n\n return [error, response] as const;\n }\n\n async sendResetPasswordEmail() {\n if (!authState.sid) {\n throw new Error(t(\"errors.no_sign_in_id\"));\n }\n\n authStore.setLoading(true);\n authStore.setResetPasswordStep(\"requested\");\n\n const [error, _] = await this.client.auth.sendResetPasswordEmail(authState.sid, window.location.href);\n\n if (error) {\n authStore.setFieldError(\"resetPassword\", error);\n } else {\n authStore.setResetPasswordStep(\"sent\");\n authStore.clearErrors();\n }\n\n authStore.setLoading(false);\n }\n\n async resetPassword() {\n if (!authState.resetPassword.token) {\n throw new Error(\"No reset token available\");\n }\n\n if (!authState.resetPassword.newPassword) {\n authStore.setFieldError(\"resetPassword\", \"password_required\");\n return;\n }\n\n if (\n authState.resetPassword.passwordConfirmation &&\n authState.resetPassword.newPassword !== authState.resetPassword.passwordConfirmation\n ) {\n authStore.setFieldError(\"resetPassword\", \"passwords_do_not_match\");\n return;\n }\n\n authStore.setLoading(true);\n authStore.clearErrors();\n\n const [error, response] = await this.client.auth.resetPassword(\n authState.sid as string,\n authState.resetPassword.token,\n authState.resetPassword.newPassword,\n authState.resetPassword.passwordConfirmation,\n );\n\n if (error) {\n authStore.setFieldError(\"resetPassword\", error);\n\n // TODO: add proper password requirements handling --> for now this is fine\n if (error === \"invalid_password\") {\n authStore.setFieldError(\"password\", response.error_details?.password.map((p) => t(`errors.password_requirements.${p}`)).join(\"\\n\"));\n }\n } else {\n authStore.setStep(\"email\");\n authStore.updateResetPassword({\n step: \"completed\",\n token: null,\n newPassword: \"\",\n passwordConfirmation: \"\",\n });\n\n clearUrlParam(\"reset_password_token\");\n Flash.success.addMessage(\"Password reset successfully\");\n }\n\n authStore.setLoading(false);\n }\n\n async handleResetPasswordRedirect() {\n const url = new URL(window.location.href);\n const params = url.searchParams;\n const resetToken = params.get(\"reset_password_token\");\n\n if (!resetToken) {\n return;\n }\n\n if (authState.sid) {\n authStore.setLoading(true);\n\n const [error] = await this.client.auth.validateResetPasswordToken(authState.sid, resetToken);\n\n if (error) {\n authStore.setFieldError(\"resetPassword\", error);\n authStore.setStep(\"reset-password\");\n authStore.setLoading(false);\n return;\n }\n }\n\n authStore.setResetToken(resetToken);\n authStore.setStep(\"reset-password\");\n authStore.setLoading(false);\n }\n\n handleSocialAuthRedirect(): void {\n const url = new URL(window.location.href);\n const params = url.searchParams;\n const error = params.get(\"error\");\n\n // Not a social auth redirect (normal page load)\n if (!error && !params.has(\"sid\")) {\n return;\n }\n\n // Handle successful social auth redirect\n if (!error && params.has(\"sid\") && params.has(\"id_token\")) {\n authStore.setSignInId(clearUrlParam(\"sid\"));\n\n const idToken = clearUrlParam(\"id_token\");\n\n if (idToken) {\n authStore.setToken(idToken);\n this.handleAuthSuccess({ jwt: idToken } as TokenResponse);\n } else {\n this.logger.error(\"No ID token found in the URL on social auth redirect\");\n }\n\n return;\n }\n\n // Handle missing required fields\n if (error !== \"missing_required_fields\") {\n this.logger.error(\"Social auth redirect error:\", error);\n return;\n }\n\n const fieldsFromUrl = clearUrlParam(\"fields\");\n const sid = clearUrlParam(\"sid\");\n clearUrlParam(\"error\");\n\n if (!fieldsFromUrl || !sid) {\n return;\n }\n\n try {\n const fields = JSON.parse(fieldsFromUrl);\n authStore.setSignInId(sid);\n\n this.handleMissingFields(fields);\n } catch (e) {\n this.logger.error(\"Failed to parse missing fields payload:\", e);\n authStore.setGlobalError(\"auth\", \"invalid_required_fields_payload\");\n }\n }\n\n private handleAuthError(error: string, response: unknown, fallbackField?: \"email\" | \"password\" | \"magicCode\") {\n switch (error) {\n case \"account_not_found\":\n authStore.setFieldError(\"email\", error);\n break;\n\n case \"missing_required_fields\": {\n const { fields, sid } = response as RequiredFieldsResponse;\n this.handleMissingFields(fields);\n if (sid) {\n authStore.setSignInId(sid);\n }\n break;\n }\n\n default:\n if (fallbackField === \"password\") {\n authStore.setFieldError(\"password\", error);\n } else if (fallbackField === \"magicCode\") {\n authStore.setFieldError(\"magicCode\", error);\n } else if (fallbackField === \"email\") {\n authStore.setFieldError(\"email\", error);\n } else {\n // e.g. \"account_locked\", \"internal_server_error\"\n authStore.setGlobalError(\"auth\", error);\n }\n break;\n }\n\n authStore.setLoading(false);\n }\n\n private handleMissingFields(fields: RequiredFieldsResponse[\"fields\"]) {\n authStore.setMissingFields(fields);\n profileState.data = fields as ProfileRaw;\n authStore.setStep(\"missing-fields\");\n authStore.setLoading(false);\n }\n\n private handleAuthSuccess(response: TokenResponse) {\n authStore.setToken(response.jwt);\n authStore.setLoading(false);\n authStore.getRootComponentRef()?.onAuth(response);\n }\n}\n","import * as Sentry from \"@sentry/browser\";\nimport { jwtDecode } from \"jwt-decode\";\nimport type { UnidyClient } from \"../api\";\nimport { getUnidyClient } from \"../api\";\nimport { t } from \"../i18n\";\nimport { waitForConfig } from \"../shared/store/unidy-store\";\nimport { AuthHelpers } from \"./auth-helpers\";\nimport { authState, authStore } from \"./store/auth-store\";\n\nexport interface TokenPayload {\n sub: string; // unidy id\n sid: string; // sign-in id\n exp: number;\n iat: number;\n iss: string;\n aud: string;\n nonce: string;\n auth_time: number;\n email: string;\n email_verified: boolean;\n [key: string]: unknown;\n}\n\nexport type AuthError = Error & {\n code: \"TOKEN_EXPIRED\" | \"REFRESH_FAILED\" | \"NO_TOKEN\" | \"INVALID_TOKEN\" | \"SIGN_IN_NOT_FOUND\" | \"SIGN_OUT_FAILED\";\n requiresReauth: boolean;\n};\n\nexport class Auth {\n private static instance: Auth;\n\n readonly helpers: AuthHelpers;\n\n private constructor(client: UnidyClient) {\n this.helpers = new AuthHelpers(client);\n }\n\n static Errors = {\n email: {\n NOT_FOUND: \"account_not_found\",\n },\n magicCode: {\n RECENTLY_CREATED: \"magic_code_recently_created\",\n NOT_VALID: \"magic_code_not_valid\",\n EXPIRED: \"magic_code_expired\",\n USED: \"magic_code_used\",\n },\n password: {\n INVALID: \"invalid_password\",\n NOT_SET: \"password_not_set\",\n RESET_PASSWORD_ALREADY_SENT: \"reset_password_already_sent\",\n },\n general: {\n ACCOUNT_LOCKED: \"account_locked\",\n SIGN_IN_EXPIRED: \"sign_in_expired\",\n },\n } as const;\n\n static async getInstance(): Promise<Auth> {\n if (!Auth.isInitialized()) {\n await waitForConfig();\n\n return Auth.initialize(getUnidyClient());\n }\n\n return Auth.instance;\n }\n\n static async initialize(client: UnidyClient): Promise<Auth> {\n if (Auth.instance) {\n return Auth.instance;\n }\n\n Auth.instance = new Auth(client);\n\n Auth.instance.helpers.handleSocialAuthRedirect();\n await Auth.instance.helpers.handleResetPasswordRedirect();\n\n if (Auth.instance.isTokenValid(authState.token)) {\n authStore.setAuthenticated(true);\n }\n\n return Auth.instance;\n }\n\n static isInitialized(): boolean {\n return !!Auth.instance;\n }\n\n isTokenValid(token: string | TokenPayload | null): boolean {\n try {\n let decoded: TokenPayload | null;\n\n if (typeof token === \"string\") {\n decoded = jwtDecode<TokenPayload>(token);\n } else {\n decoded = token;\n }\n\n if (!decoded) return false;\n\n const currentTime = Date.now() / 1000;\n return decoded.exp > currentTime;\n } catch (error) {\n Sentry.captureException(error);\n return false;\n }\n }\n\n async isAuthenticated(): Promise<boolean> {\n const token = await this.getToken();\n return typeof token === \"string\";\n }\n\n async getToken(): Promise<string | AuthError> {\n const currentToken = authState.token;\n\n if (currentToken && this.isTokenValid(currentToken)) {\n return currentToken;\n }\n\n await this.helpers.refreshToken();\n\n if (authState.globalErrors.auth || !authState.token) {\n return this.createAuthError(t(\"errors.refresh_failed\"), \"REFRESH_FAILED\", true);\n }\n\n return authState.token as string;\n }\n\n async userData(): Promise<TokenPayload | null> {\n const token = await this.getToken();\n\n if (typeof token !== \"string\") {\n return null;\n }\n\n if (!token) {\n return null;\n }\n\n try {\n return jwtDecode<TokenPayload>(token);\n } catch (error) {\n Sentry.captureException(error);\n return null;\n }\n }\n\n async logout(): Promise<boolean | AuthError> {\n const [error, _] = await this.helpers.logout();\n\n if (error) {\n return this.createAuthError(t(\"errors.sign_out_failed\", { reason: error }), \"SIGN_OUT_FAILED\", false);\n }\n\n authStore.reset();\n\n return true;\n }\n\n getEmail(): string | null {\n return authState.email;\n }\n\n private createAuthError(message: string, code: AuthError[\"code\"], requiresReauth = false): AuthError {\n const error = new Error(message) as AuthError;\n error.code = code;\n error.requiresReauth = requiresReauth;\n\n return error;\n }\n}\n"],"version":3}